💚📝 Use trusted publishers workflow

.github/workflows/python-publish.yml

@@ -35,23 +35,27 @@
 #   build-n-publish:
 #     name: Build and publish Python 🐍 distributions 📦 to PyPI and TestPyPI
 #     runs-on: ubuntu-latest
+#     # Specifying a GitHub environment, # Specifying a GitHub environment, which is strongly recommended by PyPI: https://docs.pypi.org/trusted-publishers/adding-a-publisher/
+#     # you have to create an environment in your repository settings and add the environment name here
+#     environment: release
+#     permissions:
+#         # IMPORTANT: this permission is mandatory for trusted publishing
+#         id-token: write
 #     needs: tests
 #     steps:
-#       - uses: actions/checkout@v2
+#       - uses: actions/checkout@v4
 #       - name: Set up Python
-#         uses: actions/setup-python@v2
+#         uses: actions/setup-python@v4
 #         with:
 #           python-version: ${{ matrix.python-version }}
 #       - name: Install dependencies
 #         run: |
 #           python -m pip install --upgrade pip
 #           pip install -r dev_requirements/requirements-packaging.txt
-#       - name: Build a binary wheel and a source tarball
+#       - name: Build wheel and source distributions
 #         run: |
 #           python -m build
 #       - name: Publish distribution 📦 to PyPI
 #         if: startsWith(github.ref, 'refs/tags/v')
 #         uses: pypa/gh-action-pypi-publish@release/v1
-#         with:
-#           user: __token__
-#           password: ${{ secrets.PYPI_API_TOKEN }}
+

.pre-commit-config.yaml

@@ -1,18 +1,18 @@
 # to update all repo revisions just run: pre-commit autoupdate
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.4.0
     hooks:
       - id: check-yaml
       - id: end-of-file-fixer
       - id: trailing-whitespace
   - repo: https://github.com/psf/black
-    rev: 22.10.0
+    rev: 23.9.1
     hooks:
       - id: black
         language_version: python3
   - repo: https://github.com/pycqa/isort
-    rev: 5.10.1
+    rev: 5.12.0
     hooks:
       - id: isort
         name: isort (python)

README.md

@@ -25,7 +25,6 @@ It doesn't contain any useful code but only a minimal working setup for a Python
   - [isort](https://pycqa.github.io/isort/) import order check
   - [codespell](https://github.com/codespell-project/codespell) spell check (including an ignore list)
   - ready-to-use publishing workflow for pypi (see readme section below)
-
 
 By default, it uses Python version 3.12.
 
@@ -64,38 +63,49 @@ tox -e dev
 
 ```json
 {
-    "python.testing.unittestEnabled": false,
-    "python.testing.nosetestsEnabled": false,
-    "python.testing.pytestEnabled": true,
-    "pythonTestExplorer.testFramework": "pytest",
-    "python.testing.pytestArgs": [
-        "unittests"
-    ],
-    "python.linting.pylintEnabled": true
+  "python.testing.unittestEnabled": false,
+  "python.testing.nosetestsEnabled": false,
+  "python.testing.pytestEnabled": true,
+  "pythonTestExplorer.testFramework": "pytest",
+  "python.testing.pytestArgs": ["unittests"],
+  "python.linting.pylintEnabled": true
 }
 ```
+
 4. Create a `.env` file and insert the following line
 
 For Windows:
+
 ```
 PYTHONPATH=src;${PYTHONPATH}
 ```
+
 For Linux and Mac:
+
 ```
 PYTHONPATH=src:${PYTHONPATH}
 ```
+
 This makes sure, that the imports are working for the unittests.
 At the moment I am not totally sure that it is the best practise, but it's getting the job done.
 
 5. Enjoy 🤗
 
 ## Publishing on PyPI
+
 This repository contains all necessary CI steps to publish any project created from it on PyPI.
+It uses the trusted publishers workflow as described in the [official Python documentation](https://packaging.python.org/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/).
 It just requires some manual adjustments/settings depending on your project:
+
 1. Fill out the metadata in the [`pyproject.toml`](pyproject.toml); Namely the package name and the dependencies which should be in sync with your `requirements.in`.
 2. Uncomment the lines in [`.github/workflows/python-publish.yml`](.github/workflows/python-publish.yml)
-3. In [your PyPI account create a new API token](https://pypi.org/manage/account/#api-tokens). You have to create a token valid for your entire account first, only when the initial push happened, you can create a new token whose scope is limited to this project.
-4. Copy the token and paste it as a new repository secret under `github.com/your-username/your-reponame/settings/secrets/actions/new`. The secrets name should be `PYPI_API_TOKEN` as in the last line of the workflow file you edited in step 2.
+3. Create a [new environment in your GitHub repository](https://github.com/Hochfrequenz/python_template_repository/settings/environments) and call it `release`.
+4. Set up a new trusted publisher [in your PYPI account](https://pypi.org/manage/account/publishing/).
+   1. PyPI Project Name: The name which you defined in the `pyproject.toml` is the name of the project which you have to enter here.
+   2. Owner: The GitHub organization name or GitHub username that owns the repository
+   3. Repository name: The name of the GitHub repository that contains the publishing workflow
+   4. Workflow name: The filename of the publishing workflow. This file should exist in the .github/workflows/ directory in the repository configured above. Here in our case: `python-publish.yml`
+   5. Environment name: The name of the GitHub Actions environment that the above workflow uses for publishing. Here in our case: `release`
 5. Now create a release by clicking on "Create new release" in the right Github sidebar (or visit `github.com/your-username/your-reponame/releases/new`). This should trigger the workflow (see the "Actions" tab of your repo).
 6. Check if the action failed. If it succeeded your PyPI account should now show the new project. It might take some minutes until the package can be installed via `pip install packagename` because the index has to be updated.
 7. Now create another PyPI token with limited scope and update the Github repository secret accordingly.